3.8.8

  • Requirement

    Prohibit the use of portable storage devices when such devices have no identifiable owner.

  • Discussion

    Requiring identifiable owners (e.g., individuals, organizations, or projects) for portable storage devices reduces the overall risk of using such technologies by allowing organizations to assign responsibility and accountability for addressing known vulnerabilities in the devices (e.g., insertion of malicious code).

More Info

  • Family

    Media Protection
  • DoD Scoring Methodology Points

    3
  • Related CMMC ID

  • Related NIST 800-53 ID

    MP-7(1)
  • Reference Documents

    • N/A

NIST 800-171A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!